The FBI is still keeping officials in the dark about a possible hack in Florida during the 2016 election, even as dozens of elections supervisors and representatives from across the state are demanding more information.
The statewide ire stems from vague details in Special Counsel Robert Mueller's report on Russian interference in the 2016 elections and a cagey validation from Sen. Marco Rubio, who told the New York Times last month that the Kremlin-sponsored hackers were "in a position” to manipulate voter information.
"I just find it unacceptable. If they don't have indisputable evidence that they were hacked, then they need to keep their mouths shut," Alan Hayes, Lake County's elections supervisor, said in an interview. "Because this kind of nonsense only undermines the confidence of the public in our systems."
The Mueller report, which says they "understand that the FBI believes" Russian hackers accessed information in "at least one Florida county government," didn't identify which county fell victim. And despite numerous calls with local officials on elections systems best-practices, the Department of Homeland Security and the FBI refuse to release more details.
The Florida Department of State, which oversees the state's elections infrastructure, didn't know anything about the possible intrusion. "Upon learning of the new information released in the Mueller report, the Department immediately reached out to the FBI to inquire which county may have been accessed, and they declined to share this information with us," DOS spokesperson Sarah Revell said in a statement.
Paul Lux, the president of Florida State Association of Supervisors of Elections, asked Homeland Security about the intrusion but was referred to the Multi-State Information Sharing and Analysis Center (MS-ISAC) – a statewide program run by the Center for Internet Security that sends elections officials cybersecurity notifications almost every time a hacking attempt is made.
Lux said MS-ISAC never sent any updates regarding the 2016 intrusion mentioned in the Mueller report. "If the federal government knows the malicious actor is poised to act, what is their responsibility toward those of us who could potentially be affected by that?" Lux asked.
U.S. Reps. Stephanie Murphy and Michael Waltz asked the Department of Justice and the FBI last Thursday for a classified briefing to be given to Florida's congressional delegation on the "nature and extent of the Russian government’s efforts to interfere in Florida during the 2016 presidential election." The DOJ has yet to respond.
"Florida voters have the right to know the extent to which foreign actors may have breached our state's election security systems, and what the federal government is doing to prevent it from happening again," Murphy said in a statement. "As the country's largest swing state, we cannot allow the integrity of our democratic process to be compromised."
U.S. Sen. Rick Scott and Gov. Ron DeSantis are expected to meet with the FBI in the coming weeks to discuss the hackings. "They won’t tell us which county it was. Are you kidding me? Why would you not say something immediately?" DeSantis was quoted as saying last month in the Miami Herald.
"We're going to make it public," DeSantis told reporters. "Unless somehow it’s classified, the public has a right to know what may have happened."
Homeland Security and the FBI held a statewide conference call with elections supervisors in August 2016 to suggest a swath of new security protocols to fend against sprearphishing emails – poisonous messages usually including links or attachments that, when clicked on or downloaded, give hackers access to the recipient's personal account information.
The 2016 hackers targeted 120 Florida county officials with spearphishing emails designed to look like updates from the voter management company VR Systems, which all but three Florida counties use.
Orange County's elections supervisor Bill Cowles, whose office is among the three without VR Systems, said his office didn't receive any spearphishing attempts. "We have been contacted by the FBI and DHS since the 2016 elections," Cowles said. "Both offering advice and guidance on how to protect our systems going forward."
Kari Ewalt, a spokeswoman for Osceola County Supervisor of Elections, said their office did receive the spearphishing email in 2016, but was not affected by it. "We did receive the phishing email in 2016. No one in our office opened the email attachment," Ewalt said. "We have since given our server logs to the FBI and DHS has visited to conduct an audit of our security. DHS said our security procedures were working well. We have not heard anything from the FBI."
But still, advice on how to arm elections infrastructure isn't enough to assuage counties. "I don't buy this garbage of them saying, 'Oh well, we don't want to risk exposing our sources,'" Hayes, the Lake County supervisor, said. "If they're as sophisticated as we expect them to be, they would find ways to let us know that we've had a weakness exposed... and they should be able to do that without exposing where their sources are."
Want to know everything going on with Tampa Bay's food and drink scene? Sign up for our Bites newsletter.